memcpy(priv->c, pk_params->params[5], SIZEOF_MPZT);
memcpy(priv->a, pk_params->params[6], SIZEOF_MPZT);
memcpy(priv->b, pk_params->params[7], SIZEOF_MPZT);
+ /* we do not rsa_private_key_prepare() because it involves a multiplication.
+ * we call it once when we import the parameters */
priv->size =
nettle_mpz_sizeinbase_256_u(TOMPZ
(pk_params->params[RSA_MODULUS]));
}
-static void
+/* returns a negative value on invalid pubkey */
+static int
_rsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
struct rsa_public_key *pub)
{
memcpy(pub->n, pk_params->params[RSA_MODULUS], SIZEOF_MPZT);
memcpy(pub->e, pk_params->params[RSA_PUB], SIZEOF_MPZT);
- pub->size = nettle_mpz_sizeinbase_256_u(pub->n);
+ if (rsa_public_key_prepare(pub) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return 0;
}
static int
{
struct rsa_public_key pub;
- _rsa_params_to_pubkey(pk_params, &pub);
+ ret = _rsa_params_to_pubkey(pk_params, &pub);
+ if (ret < 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ENCRYPTION_FAILED);
+ goto cleanup;
+ }
ret =
rsa_encrypt(&pub, NULL, rnd_func,
bigint_t c;
_rsa_params_to_privkey(pk_params, &priv);
- _rsa_params_to_pubkey(pk_params, &pub);
+ ret = _rsa_params_to_pubkey(pk_params, &pub);
+ if (ret < 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+
if (ciphertext->size != pub.size)
return
mpz_t s;
_rsa_params_to_privkey(pk_params, &priv);
- _rsa_params_to_pubkey(pk_params, &pub);
+ ret = _rsa_params_to_pubkey(pk_params, &pub);
+ if (ret < 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIGN_FAILED);
mpz_init(s);
{
struct rsa_public_key pub;
- _rsa_params_to_pubkey(pk_params, &pub);
+ ret = _rsa_params_to_pubkey(pk_params, &pub);
+ if (ret < 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIG_VERIFY_FAILED);
if (signature->size != pub.size)
return
{
int ret;
- if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA) {
+ if (direction != GNUTLS_IMPORT)
+ return 0;
+
+ if (algo == GNUTLS_PK_RSA) {
+ struct rsa_private_key priv;
+
/* do not trust the generated values. Some old private keys
* generated by us have mess on the values. Those were very
* old but it seemed some of the shipped example private
if (ret < 0)
return gnutls_assert_val(ret);
}
- mpz_invert(TOMPZ(params->params[RSA_COEF]),
- TOMPZ(params->params[RSA_PRIME2]),
- TOMPZ(params->params[RSA_PRIME1]));
+
+ if (mpz_cmp_ui(TOMPZ(params->params[RSA_PRIME1]), 0) == 0)
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+
+ if (mpz_invert(TOMPZ(params->params[RSA_COEF]),
+ TOMPZ(params->params[RSA_PRIME2]),
+ TOMPZ(params->params[RSA_PRIME1])) == 0)
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
/* calculate exp1 [6] and exp2 [7] */
zrelease_mpi_key(¶ms->params[RSA_E1]);
return gnutls_assert_val(ret);
params->params_nr = RSA_PRIVATE_PARAMS;
+
+ /* perform nettle's internal checks */
+ _rsa_params_to_privkey(params, &priv);
+ ret = rsa_private_key_prepare(&priv);
+ if (ret == 0) {
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ }
}
return 0;